Slashdot Mirror
Google, Facebook and Twitter To Block "Hash Lists" of Child Abuse
An anonymous reader writes: Facebook, Google, and Twitter are teaming up with the UK's Internet Watch Foundation (IWF) to share hash lists of blocked indecent images. The move is intended to ensure that a picture pulled from one site can't show up again elsewhere. The BBC reports: "Online security specialists welcomed the move as a positive step, but said it would not block content on the 'darknet' — a network with restricted access — where abusers often posted images."
Your comment matches a hash submitted to the block list. Please report to the authorities for mandatory castration. Have a nice day.
Well ... this is great if no two things can have the same hash.
But as soon as it starts blocking my picture of my dinner as kiddie porn, having Facebook and Twitter block it becomes fairly meaningless.
I mean, are people using Google, Twitter, and Facebook for this stuff?
Lost at C:>. Found at C.
I see stuff I don't want to see all the time. That doesn't mean that other people don't have a right to post it. I can't recall a time where I ever came across an illegal image on Facebook or Twitter. Against TOS/AUP, sure. Trashy or tasteless? Definitely. But not illegal.
And such a policy would be easily be circumvented. Flip the image horizontally. Crop it. Change the resolution slightly. Add more jpeg. Write a meme on it. Change the color balance slightly. It might stop the exact same image from spreading, which isn't a bad thing, but I don't know how much of a benefit it really will be in the end.
Wait, is it abusive to view and distribute? It's abusive to create, for certain; I'm not sure I buy the line about viewing and distributing.
OIG explained to our entire department one day that, each time a person views a child pornography image, the person in the image is victimized again. I've not yet wrapped my head around the idea of someone suddenly stopping somewhere as the finger of God touches them inappropriately, collapsing to their knees and gasping for breath in distress as some dude in Korea looks at their naked 12-year-old body.
Many in the last decade held the opinion that the greater crackdown on child pornography possession was an excuse to draw attention away from the lack of action against child pornography production. What happened? Do we now all accept producers and care most about consumers? That sounds like a by-the-numbers approach confounding two very different things: 10 producers and 990 consumers are not 1000 child abusers, but 10 child abusers. Eliminate 900 of the consumers and you still have exactly as many children being abused exactly as frequently--and my own sense of doing it by the numbers tells me the numbers aren't any better in that case. I'll be the first to push 100,000 kids off a cliff in a bus to save 1,000,000 people from terrible death, but methinks you've simply avoided saving anyone and, perhaps, saved yourself dirtying your hands with the bus.
It's not that I disagree with what you're doing, Mr. Anderson; I just want to ensure you're going about it in the most efficient way.
Support my political activism on Patreon.
While it is an interesting concept, it is doomed to fail as a simple single pixel edit or hidden attribute edit will change the file's hash.
Its not a hash in the sense of MD5/SHA etc that hashes the file contents at the byte level. Its a perceptual image hash, a well studied technique.
A image will have the same hash even if a few pixels change or e.g its rotated/mirrored etc.. and resized of course
Image recognition is straightforward enough today to quickly find almost identical matches and generate the new hash. TinEye is really good for this kind of thing, and I'm sure Google's image match also works sufficiently well to keep an updated list of all the one-offs. Pretty easy to update it just like AdBlock or an SSL cert blacklist.
This probably isn't a bad idea even though it won't stop the perverts. It greatly lessens the chance someone will come across something they didn't want to see.
When they cam for the perverts, I said nothing, for I was not a pervert?
This exact technology will allow governments to exercise very powerful censorship across the internet (or at least the part of the internet most people see). Want all pictures from that protest rally to vanish? Just twist the arm of any of these companies into adding a few hashes, or just slip them into a list the FBI no doubt routinely provides, and, just like that, down the memory hole. Plus, as you say, this won't stop the perverts. The only thing this actually accomplishes is empowering the totalitarian state.
We seen a couple of stories here on /. already where IP blocklists were abused by governments to slip in websites of opposing political parties. It's a bit hard to believe this won't be abused similarly.
Socialism: a lie told by totalitarians and believed by fools.
That would work if most CP was created for profit instead of for the joy of molesting a 12 year old and sharing that with others of the same mindset.
Hate crime (also known as bias-motivated crime) is a usually violent (lock em up, kidnapping, sex offender lists, etc), prejudice motivated crime that occurs when a perpetrator (social justice warriors) targets a victim because of his or her perceived membership in a certain social group (paedophilia).
This fight against paedophiles is really just unjustified homophobia in disguise, a form of racism, etc. The Internet Watch Foundation is not attacking child abuse, they are attacking paedophiles. The very article describes this as a " fight against paedophiles". There is no reason to think the vast majority of paedophiles are harming kids. This is why they're attacking child pornography. It's an easy target that won't go away and they can't possibly eliminate.
It shares so many similarities with the war on drugs. If there is one group of people you can attack and generally get agreement on this is it. It's too small, unorganizable, spread out, etc, and nobody would dare defend it out of fear for there lives. This gives the social justice warriors ample room to do what they want. They are really nothing but a misguided group of racists spreading hatred and fear. You wouldn't attack homosexuals because some are sexually abusing little children. It's no different with paedophiles. The entire war on paedophilia is identical to the war on drugs. It's utterly illogical. The idea that porn leads to sexual abuse was disproved long ago. It's just like violent video games leading to violence in the real world. The reality is studies have shown the exact opposite to be true.
This is doing nothing other than implementing a system of censorship and giving people the perception something is being done to stop child abuse. It's not. The article even says they're not able to stop the spread. It's not even illegal to be a paedophile, and yet they have no aversion to expressing there hatred for this group. They accuse an entire group of wrongdoing when there is zero evidence of that. There isn't any means to even produce such evidence because all the studies that back up paedophiles being bad were done on an imprisoned population which wouldn't represent paedophiles as a whole. It only represents violent paedophiles. It's no different than doing a study on homosexuals after locking up homosexuals. There is going to be a disproportionate number of violent homosexuals in custody.
They're not attacking people who abuse children. They're attacking a group of people who are hated for no logical reason. It's no different than attacking homosexuals for what a minority have done.
Go watch the 1950's Anti-Homosexual PSA - Boys Beware to see exactly what I'm talking about:
https://www.youtube.com/watch?v=17u01_sWjRE
They imply all homosexual are evil-doers that want to harm little children. It's utter nonsense.
How about recognizing that these feelgood solutions are more for getting it outta sight outta mind than for actually stopping the abuse of children?
False positives will be hell. It's bad enough that the content might be blocked or de-indexed, but imagine if perfectly innocent photos were tagged as child pornography. It's also worth noting that the IWF is not regulated or overseen in any meaningful way, and once broke Wikipedia with it's overzealous blocking of an album cover that had been on sale in the UK for decades.
I'm just astounded that this is even worth doing. How dumb do you have to be to post child pornography to Twitter or Facebook?
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
No. I use a similar algorithm to deduplicate my obscenely large stash of furry pornography*. It works, but there's a problem.
Let's say that the chance of two unrelated images matching is, say, one in million. Great. That sounds amazing - and it is, that's ridiculously optimistic for phash alone, but we can assume they have something better involving composite hashes.
Now feed into that a sizable database of child abuse imagery - say, ten thousand images. And a copy of the facebook photo library for one day, which is 350 million photos. Yes, that's facebooks claim, do not underestimate the number of compulsive photographers. That's 3,500,000,000,000 comparisons, and at your optimistic one-in-a-million error rate, 3,500,000 false positives to investigate every day.
It can be done, but it's going to need a bit more than just perceptual hash comparisons.
*Thus posting as AC.
Got to caught up in checking the math I forgot to tick the box. Bah. Well, no-one cares anyway.
Possession of child pornography is illegal in itself. Given that how would they have the original image to match against?
Almost every child pornography possession statute that I've seen has an exception for law enforcement activities. For example, a jury examining photos in a jury room wouldn't be guilty of possession if those photos are evidence presented at trial.
If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
The only thing this actually accomplishes is empowering the totalitarian state.
Since I'm usually on your side of that argument, I will respond by saying that there are already plenty of filtering/sifting technologies in place. I think you're getting to the point in your argument where "anything that can be used by the totalitarian state is a bad thing", which almost sounds like insisting we don't build or implement anything new that's useful to deal with large amounts of information.
The media really makes it seem like nothing happens on the darknet other than child porn and terrorism. It's fitting that they really push this at a time when a more usable darknet should be very attractive to most people. Your IP address, cookies, device ID, browswer ID, OS ID, various logins are all being cross referenced. Your professional work 'searches' are going to be put in a pile with the rest of 'it'.
X
I, for one, will be generating trillions of copies of the Virgin Killer cover art, to cover as much of the hash space as possible.
Bravo on your stoicism!
If I catch my daughter camming for the perverts, I certainly am not saying nothing.
Let's say that the chance of two unrelated images matching is, say, one in million. Great. That sounds amazing - and it is, that's ridiculously optimistic for phash alone, but we can assume they have something better involving composite hashes.
For the reasons you outline, a hash with a one-in-a-million collision rate (one in 2^20) is worthless for this purpose and for many purposes. Maybe this is an accurate rate for phash. That's because it's a fuzzy hashing algorithm. Typically, all of these law enforcement applications use MD5 or SHA-1, which have collision rates around 2^128 to 2^160 (not including manufactured hash collisions).
Now feed into that a sizable database of child abuse imagery - say, ten thousand images. And a copy of the facebook photo library for one day, which is 350 million photos. Yes, that's facebooks claim, do not underestimate the number of compulsive photographers. That's 3,500,000,000,000 comparisons, and at your optimistic one-in-a-million error rate, 3,500,000 false positives to investigate every day.
It can be done, but it's going to need a bit more than just perceptual hash comparisons.
The numbers are, of course, much different when your hash has collision rate that's many, many orders of magnitude lower.
The interesting thing is that your hash mechanism really is untrustworthy if any two images in your total pool (Facebook photos + child abuse photos) have a collision. Since the Facebook photos dominate that set, you really can just look at the probability of a collision within the Facebook set. MD5 hashes are good up to about a trillion different items, which is much larger than even years of Facebook photo data.
IWF, incidentally, claims they will be publishing MD5, SHA-1, and PhotoDNA hash lists. I can't comment on the collision rate of PhotoDNA hashes.
We don't find people filming murders for sexual gratification. If that were the case, then that could very well become illegal too.
Although fake kiddie porn is just as illegal as the real thing, filming fake murders for others' gratification (hopefully not sexual, but who knows) is big business. Hollywood makes billions on it. Ditto first-person shooter games.
Something is screwed up somewhere.
-- Alastair
There are "robust" image hashes out there, so that is not the real problem here. The real problem is the huge opportunity to do censorship this way. And anybody even trying to find out whether this is real or a complete abuse of the law will see some illegal pixels and will have searched for them, and hence can be easily removed to jail for a long, long time. Basically, doing it this way removes any legal possibility for ordinary citizens to evaluate what is going on and complain about abuses (except for very specific cases). The chilling effect is staggering. If that is not hugely dangerous, I do not know what is.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.